In this groundbreaking book, best selling author James C. Foster reveals for the first the methods hackers use to attack and exploit the core components of operating systems and their applications. He provides working code and scripts in C/C++, Java, Per;, and NASL to detect and defend against the most dangerous attacks. This book covers in detail the five most important disciplines for security professionals and software developers: Coding, Sockets, Shellcode, Porting Applications, and Coding Security tools.

Introduction

I tend to approach books like these with much skepticism because they tend to be long on bluster and short on substance, especially when I see phrases like "Elite Programming Techniques Demystified". I also immediately noticed that there was an almost intimidating amount of code. I consider myself a competent programmer, and I hoped that I wasn't going to get snowed under by code I could not follow.

Chapter Synopsis & Review Comments

As stated in the blurb from the back cover, the book is divided into five basic sections, with the first chapter of the book being a rather gentle introduction to the syntactic differences between C, C++, Java, Perl, as well as a brief discussion of Python. There are several samples of each language, and concise explanations.

Chapter two is devoted entirely to NASL Scripting. For those that are not familiar with NASL (and I was not), it is a scripting language optimized for use with the Nessus security scanner. The scripts can then be shared with other Nessus users.

Chapter three begins the section on sockets programming by introducing BSD sockets and the various BSD sockets API. this chapter is the first one that is really code intensive, with code for an SNMAP Scanner and an RPC Program scanner covering over a dozen pages alone.

Chapter four covers Windows sockets, and chapter five finishes off the sockets programming section with Java sockets. One of the highlights of the Java section for me was the WormCather application, a relatively simple app designed to tie together the java.net samples with a simple application that scans client connections for any instances of the CodeRedII worm.

Chapters six and seven present an in depth look at the difficulties of writing portable code and portable network programming. These two chapters build on the earlier sockets programming section, as well as introducing differences between implementation of the APIs on BSD versus Windows.

Chapter eight opens the section on Shellcoding with a crash course in Assembly Programming, some of the tools necessary to compile, debug, and trace code execution, and some simple exploits. Chapter nine goes from a simple Linux “Hello World” Shellcode , brief examples and descriptions of various system calls, ending with a disassembly of a portion of the Linux/Slapper worm.

Chapters thirteen discusses Component Object Model theory and usage, and Active Template Libraries, and chapter fourteen presents a “ground-up” approach to enhancing a tool already available, and implement the various approaches presented in the rest of the book.

The Appendices include a glossary, a nice list of security related tools (free and commercial), exploit archives, a Syscall reference, and a data conversion reference.

The four E-Books available on the website include ninety-one pages on Windows Shellcode, sixty-eight pages on Enterprise Scanning, a thirty page PHP Security Reference, and fourty-four pages on Format String attacks.

Style and Detail

I think I would be doing potential readers a disservice if I said that this book was anything but dense. There is a lot of code, and thankfully, plenty of description to go along with it. In most cases, the code samples build on each other in a more or less comprehensive fashion, with only a few instances where the code went from relatively simple to over-the-top. The chapters are laid out in textbook fashion, each beginning with a brief overview, and ending with a summary of the highpoints of the chapter, links to related websites, and relevant FAQs. A discussion of low level programming is difficult without becoming mired in details, and I think the book moves along fairly well. That’s not to say it is a breezy read by any means. I could easily see this as a companion text for an upper-level Operating Systems class, or a security programming class.

Conclusion

I only have one real complaint with the book, and that is with Chapter 4. The code analysis repeatedly makes reference to line zero of the various code samples, where all code samples start with line number one. It’s not a big deal, but when you are trying to absorb what is happening with the code, plus keep in mind that all of the descriptions are off by one line, and sometimes more. At any rate, I found myself getting extremely frustrated with the chapter, although someone more versed in C code probably will not be as bothered. I’m sure it will be fixed in future editions, and it’s not something for which I blame the authors.

One of my major gripes with books like this is that they tend to run page after page of intense detail without providing readers some breathing room. I find that after four or five pages of code and technical analysis that I start to lose focus. Although the chapters contain little notes and tips, they are rare.

Although each topic is covered somewhat superficially, the examples are specific enough and focused enough that they serve as a springboard for further exploration.
From a technical standpoint, I have no complaints. I didn’t expect to become an overnight guru, and the exploits are based on older vulnerabilities. The code samples I tried worked, and there is enough explanation that a person could apply the techniques to newer targets. I was able to follow the code samples most of the time. When I wasn't, it was generally due to gaps in my knowledge of various APIs.

This book receives an honored SFDC Rating of 9/10.

Chad Clites
SFDC Reviewer

Keywords: Keywords here

This review is copyright 2006 by the author and Security-Forums Dot Com, and may not be reproduced in any form in any media without the express permission of the author, or Security-Forums Dot Com.

Last edited by Groovicus on Tue Jun 06, 2006 3:36 am; edited 1 time in total